HstsFilter.java

package filters;

import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;

/**
 * Servlet Filter implementation class HstsFilter.
 * Enabled HSTS on domains other than the ones hsts\d+\..*
 * We want to exclude those domains since HSTS is used to demonstrate HSTS supercookies on them.
 */
public class HstsFilter implements Filter {
	private Pattern domainPattern;
	
	/**
	 * Default constructor.
	 */
	public HstsFilter() {
		this.domainPattern = Pattern.compile("^hsts\\d+\\..*$");
	}

	/**
	 * @see Filter#init(FilterConfig)
	 */
	public void init(FilterConfig fConfig) throws ServletException {
		// TODO Auto-generated method stub
	}

	/**
	 * @see Filter#destroy()
	 */
	public void destroy() {
		// TODO Auto-generated method stub
	}

	/**
	 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
	 */
	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
		if(request.getServerPort() == 443){
			Matcher m = domainPattern.matcher(request.getServerName());
	
			//Enable HSTS for domains other than ones starting with hsts\d+.
			if(m.matches() == false){
				((HttpServletResponse)response).setHeader("Strict-Transport-Security", "max-age=31622400");
			}
		}

		// pass the request along the filter chain
		chain.doFilter(request, response);
	}
}